
WO2005072118A3 - Preventing network data injection attacks using duplicate-ack and reassembly gap approaches - Google Patents

Preventing network data injection attacks using duplicate-ack and reassembly gap approaches

Info

Publication number
WO2005072118A3
Authority
WO
WIPO (PCT)
Prior art keywords
ack
tcp
injection attacks
reassembly
duplicate
Prior art date
Application number
PCT/US2005/001020
Other languages
French (fr)
Other versions
WO2005072118B1 (en)
WO2005072118A2 (en)
Inventor
Anantha Ramaiah
Randall Stewart
Peter Lei
Patrick Mahan
Original Assignee
Cisco Tech Inc
Anantha Ramaiah
Randall Stewart
Peter Lei
Patrick Mahan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Tech Inc, Anantha Ramaiah, Randall Stewart, Peter Lei, Patrick Mahan
Priority to CA2548476A (CA2548476C)
Priority to EP05705601.2A (EP1716488B1)
Publication of WO2005072118A2
Publication of WO2005072118A3
Publication of WO2005072118B1
Priority to HK07102798.3A (HK1097617A1)

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/27 Evaluation or update of window size, e.g. using information derived from acknowledged [ACK] packets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/29 Flow control; Congestion control using a combination of thresholds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • H04L47/323 Discarding or blocking control packets, e.g. ACK packets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/34 Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA2548476A CA2548476C (en) 2004-01-16 2005-01-11 Preventing network data injection attacks using duplicate-ack and reassembly gap approaches
EP05705601.2A EP1716488B1 (en) 2004-01-16 2005-01-11 Preventing network data injection attacks using duplicate ACK and re-assembly gap approaches
HK07102798.3A HK1097617A1 (en) 2004-01-16 2007-03-15 Preventing network data injection attacks using duplicate-ack and re-assembly gap approaches

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US53737204P 2004-01-16 2004-01-16
US60/537,372 2004-01-16
US10/815,218 US7257840B2 (en) 2004-01-16 2004-03-30 Preventing network data injection attacks using duplicate-ACK and reassembly gap approaches
US10/815,218 2004-03-30

Publications (3)

Publication Number Publication Date
WO2005072118A2 WO2005072118A2 (en) 2005-08-11
WO2005072118A3 WO2005072118A3 (en) 2006-05-26
WO2005072118B1 WO2005072118B1 (en) 2006-08-24

Family

ID=34830445

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/001020 WO2005072118A2 (en) 2004-01-16 2005-01-11 Preventing network data injection attacks using duplicate-ack and reassembly gap approaches

Country Status (5)

Country Link
US (1) US7257840B2 (en)
EP (1) EP1716488B1 (en)
CA (1) CA2548476C (en)
HK (1) HK1097617A1 (en)
WO (1) WO2005072118A2 (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7203961B1 (en) * 2004-01-09 2007-04-10 Cisco Technology, Inc. Preventing network reset denial of service attacks
US7478429B2 (en) * 2004-10-01 2009-01-13 Prolexic Technologies, Inc. Network overload detection and mitigation system and method
US7412600B2 (en) 2005-10-28 2008-08-12 Cisco Technology, Inc. Approaches for automatically switching message authentication keys
US7990861B1 (en) * 2006-04-03 2011-08-02 Juniper Networks, Inc. Session-based sequence checking
EP1868321B1 (en) * 2006-06-12 2016-01-20 Mitsubishi Denki Kabushiki Kaisha In-line content analysis of a TCP segment stream
EP1912402B1 (en) * 2006-10-10 2019-08-28 Mitsubishi Electric R&D Centre Europe B.V. Protection of the data transmission network systems against buffer oversizing attacks
EP1993298A3 (en) * 2007-05-17 2010-04-07 Hitachi, Ltd. Apparatuses for the distribution of information in a mobile communications network
US7860079B2 (en) * 2007-10-11 2010-12-28 Nortel Networks Limited Method and apparatus to protect wireless networks from unsolicited packets triggering radio resource consumption
JP5071178B2 (en) * 2008-03-14 2012-11-14 富士通株式会社 Packet transmission equipment
US8671332B2 (en) * 2009-04-30 2014-03-11 The Johns Hopkins University Systems and methods for a rateless round robin protocol for adaptive error control
US20120030759A1 (en) * 2010-07-28 2012-02-02 Alcatel-Lucent Usa Inc. Security protocol for detection of fraudulent activity executed via malware-infected computer system
US9342709B2 (en) 2010-10-27 2016-05-17 Hewlett-Packard Enterprise Development LP Pattern detection
CN103973584B (en) * 2013-02-06 2017-10-24 阿里巴巴集团控股有限公司 The method and apparatus of the pass-through mode of switching at runtime packet
US9461931B1 (en) * 2014-03-03 2016-10-04 Sonus Networks, Inc. Methods and apparatus for preventing head of line blocking for RTP over TCP
CN112383046B (en) * 2020-09-29 2023-09-29 中国南方电网有限责任公司超高压输电公司 Voltage amplitude false data injection attack method for alternating current-direct current series-parallel system
CN112491871B (en) * 2020-11-25 2023-07-28 北京宝兰德软件股份有限公司 TCP reorganization method, TCP reorganization device, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020145976A1 (en) * 2001-04-04 2002-10-10 Michael Meyer Data flow control method
US20030191844A1 (en) * 2000-05-25 2003-10-09 Michael Meyer Selective repeat protocol with dynamic timers

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7013482B1 (en) * 2000-07-07 2006-03-14 802 Systems Llc Methods for packet filtering including packet invalidation if packet validity determination not timely made
US7301899B2 (en) * 2001-01-31 2007-11-27 Comverse Ltd. Prevention of bandwidth congestion in a denial of service or other internet-based attack
AU2002216136A1 (en) * 2001-12-04 2003-06-17 Nokia Corporation Method and system for dispatching multiple tcp packets from communication systems
US8370936B2 (en) * 2002-02-08 2013-02-05 Juniper Networks, Inc. Multi-method gateway-based network security systems and methods
US7266754B2 (en) * 2003-08-14 2007-09-04 Cisco Technology, Inc. Detecting network denial of service attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030191844A1 (en) * 2000-05-25 2003-10-09 Michael Meyer Selective repeat protocol with dynamic timers
US20020145976A1 (en) * 2001-04-04 2002-10-10 Michael Meyer Data flow control method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1716488A4 *

Also Published As

Publication number Publication date
HK1097617A1 (en) 2007-06-29
WO2005072118B1 (en) 2006-08-24
EP1716488A4 (en) 2012-11-07
US7257840B2 (en) 2007-08-14
CA2548476C (en) 2014-06-10
EP1716488A2 (en) 2006-11-02
CA2548476A1 (en) 2005-08-11
EP1716488B1 (en) 2014-04-30
WO2005072118A2 (en) 2005-08-11
US20050160293A1 (en) 2005-07-21

Similar Documents

Publication Publication Date Title
WO2005072118A3 (en) Preventing network data injection attacks using duplicate-ack and reassembly gap approaches
WO2007123705A3 (en) Enhanced security for electronic communications
US7725709B2 (en) Methods for secure and bandwidth efficient cryptographic synchronization
EP1601156A3 (en) Method for real-time transport protocol (RTP) packet authentication
WO2006116620A3 (en) Ciphering and re-ordering packets in a wireless communication system
MX2009011403A (en) Method and apparatus for detecting port scans with fake source address.
EP1429230A3 (en) Improved secret hashing for TCP SYN/FIN correspondence
WO2005117356A3 (en) Quarantine networking
WO2004107137A3 (en) Method and code for authenticating electronic messages
KR20060054016A (en) Method and system for verifying incoming messages
WO2007047417A3 (en) Strong anti-replay protection for ip traffic
TW200741504A (en) Malicious attack detection system and an associated method of use
WO2004006073A3 (en) Storage and authentication of data transactions
WO2005048019A3 (en) Data message mirroring and redirection
WO2004019574A3 (en) System for prevention of undesirable internet content
WO2005008442A3 (en) Ticket-based secure time delivery in digital networks
Thornburgh Adobe's Secure Real-Time Media Flow Protocol
EP1583319A3 (en) Authenticated exchange of public information using electronic mail
WO2004068824A3 (en) Voice signature with strong binding
Hossain et al. Secupan: A security scheme to mitigate fragmentation-based network attacks in 6lowpan
TWI339045B (en)
DE60116964D1 (en) Encryption processing for a media stream
EP2663019A3 (en) GSM Cryptanalysis device and method
CN116155477B (en) An IPsec anti-replay method and system based on dynamic sliding window
Goldschmidt TCP Reset Cookies–a heuristic method for TCP SYN Flood mitigation

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200580001579.2

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2548476

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 2005705601

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005705601

Country of ref document: EP
